RDP connectio to SRSS 4.2

Similar Messages

• SRSS 4.2 NumLock xset No Longer Working

  Dear All,
  I have been using SRSS 4.1 with a custom kiosk which uses 'xset led 1' to turn number-lock on for each new session. On upgrading to SRSS 4.2 (or rather installing 4.2 fresh) this no longer works. Does anybody know if this is a bug with SRSS 4.2?
  Many thanks.
  Chris

  Hello Hartofiowa,
  I'm using custom kiosk scripts at the moment which provide access to several different environments - i.e. RDP either to virtual PCs or Terminal Servers or ICA to Citrix published desktops - depending on parameters passed from our token 'other information' fields.
  The kiosk itself is called the 'Generic X Kiosk' and just provides an x-session for the custom scripting we have to work on. If you look at the scripts that run for the 'Sun Ray Connector for Windows OS' they're basically doing the same thing except that they only call the uttsc program which provides access to RDP hosts. The argument we pass to the Generic X Session is just the path to the custom script that does all the work of connecting to specific host types.
  Part of the custom script has the command 'xset led 1' which turns Num-Lock on. As previous posts have suggested this only works if you disable the XKB extensions.
  If you're not sure then I really wouldn't reccommend hacking around with anything until you've either done the training or spoken to someone with more experience than me (most people I expect) - there are quite a few consultancy companies who are usually more than willing to lend a hand with this kind of thing. Alternatively you can contact Sun and they should be able to point you in the right direction.
  Cheers.
  Chris

• Win2k8 Remote Control Not Working With SRSS 4.2 + SRWC 2.2

  Hi there.
  I have an install of Windows Server 2008 (32bit) with SRSS 4.2 & SRWC 2.2 setup. I was previously on SRSS 4.1 & SRWC 2.1 and having the same issue I am having now, which to me tells me this problem is unresolved or i'm being a total muppet. (hopefully not the last one)
  Windows Terminal Server environments has this awesome remote control feature where you can login to an RDP session which is already active and take control of the session while the end user is still logged in.With Server 2003 this works perfectly fine- it's brilliant. WIth 2008 it is a nightmare. It works for a split second and then closes off. The end users session also gets locked out (not logged out) and they have to put their windows credentials in to carry on working again.
  Now... I can remote control users who are logging in via Remote Desktop on Windows XP/Vista etc.. but I can't with the Sun Ray Sessions. Does the SRWC 2.2 fully compatible with RDP 6.1 or is there any information anyone can give me to point me in the right direction of resolving this issue, like I said.. Win 2k3- Works like a dream....
  Any help would be greatly appreciated.
  Regards
  - Joe.

  I just realised I hadn't posted the logs from SRSS Server with the issues. I have just tried on another WIN2K8 Server which wasn't configured by myself or my company and the same symptoms occurred. See logs below:
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kiosk:uttsc[4095]: [ID 702911 user.notice] /opt/SUNWuttsc/bin/uttsc[104]: 4116 Abort
  Oct 1 10:58:06 ESL-SOLARIS-SPARE Sun Ray Connector proxy:[4117]: [ID 855542 user.error] Child closed socket prematurely, session shutdown
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kiosk:uttsc[4123]: [ID 702911 user.error] /opt/SUNWuttsc/bin/uttsc exited with error code 134 - exiting
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kioskcrit: [ID 702911 user.notice] Info: critical application uttsc (pid=3902) exited with non zero status: 134
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kioskcritd[3752]: [ID 422571 user.info] Info: a critical application has exited.
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kioskcritd[3752]: [ID 126805 user.info] Terminating Kiosk Primary Session ( pid=3902 )
  Oct 1 10:58:06 ESL-SOLARIS-SPARE kioskcritd[3752]: [ID 308018 user.info] kioskcritd stopped
  Oct 1 10:58:07 ESL-SOLARIS-SPARE utauthd: [ID 794400 user.info] SessionManager0 NOTICE: EMPTY: ACTIVE session
  Oct 1 10:58:15 ESL-SOLARIS-SPARE kiosk:utkioskconfig:refresh[4381]: [ID 702911 user.info] Enabled Kiosk Mode for display ':2'
  Oct 1 10:58:15 ESL-SOLARIS-SPARE dtlogin[4274]: [ID 118685 user.info] pam_sunray_amgh::[DPY=2] AMGH_SUMMARY: token=pseudo.00144fb78760, username=, AMGH_Done?=NO(Local Session), Details=AMGH is not configured., AMGH_Target=*NONE*
  Oct 1 10:58:15 ESL-SOLARIS-SPARE dtlogin[4274]: [ID 976841 user.info] pam_kiosk: pam_sm_authenticate: Initiating Kiosk session with user utku2
  Oct 1 10:58:15 ESL-SOLARIS-SPARE kioskcritd[4420]: [ID 190395 user.info] kioskcritd started
  Oct 1 10:58:57 ESL-SOLARIS-SPARE Sun Ray Connector proxy:[4612]: [ID 855542 user.error] Child closed socket prematurely, session shutdown
  Anyone able to help me out?

• Srss 4.2 + srwc 2.2  Flash issue

  I have installed the new SRSS 4.2 and SRWC 2.2 (EA1). The server is running Solaris 5/09 (u7) on a x86 server with 8 GB server. (physical box)
  I have installed the MMR plugin on the windows XP SP 3 machine which as IE 8 with FLASH 10AX.
  I have tried both a physical and a virtual XP machines as well as physical and virtual SRSS servers. This doesn't not seem to have any impact.
  I am trying to play this video http://www.youtube.com/watch?v=zz902h6XxR0 which ive seen play smoothly on a sunray demo, but i cannot reproduce it. This video seems to play fine http://www.youtube.com/watch?v=Kf4PjtBqCcQ&feature=popular
  Video seems to be smoothest when the FLASH redirection is disabled (uttsc -F off) at which point it is just run through the RDP protocol... Isnt this the opposite of what is supposed to happen?
  The audio does stay synced and is smooth, however the FLASH video does NOT appear to have improved at all. Is there something im missing?
  I will be happy to provide more information on my environment.
  thanks
  Pete
  Edited by: psorensen on Aug 18, 2009 12:36 PM

  psorensen wrote:
  I have installed the new SRSS 4.2 and SRWC 2.2 (EA1). The server is running Solaris 5/09 (u7) on a x86 server with 8 GB server. (physical box)
  I have installed the MMR plugin on the windows XP SP 3 machine which as IE 8 with FLASH 10AX.
  I have tried both a physical and a virtual XP machines as well as physical and virtual SRSS servers. This doesn't not seem to have any impact.
  I am trying to play this video http://www.youtube.com/watch?v=zz902h6XxR0 which ive seen play smoothly on a sunray demo, but i cannot reproduce it. This video seems to play fine http://www.youtube.com/watch?v=Kf4PjtBqCcQ&feature=popular
  I don't see any significant issues with the first video (the second one has been removed from YouTube since). What DTU are you using (it works fine with the Sun Ray 2 and 2FS here). How bad is it exactly? Do you see the blue interception icon in the tray while playing (if you move the mouse over it, does the tooltip mention SunFlash)? Do you have enough network bandwidth between the Sun Ray server and the DTU (and the Sun Ray server and the Windows server)? About 6.5 Mbit/s is needed at least for a YouTube video. Is the firmware of the DTU updated to the firmware of the Sun Ray EA release you are testing?
  >
  Video seems to be smoothest when the FLASH redirection is disabled (uttsc -F off) at which point it is just run through the RDP protocol... Isnt this the opposite of what is supposed to happen?Yes, it should be better when -F is not used.
  Laszlo

• Help Please - Random Session Freezes with SRSS 4.2

  Dear All,
  I've just moved about 12 users over to a cluster of two SRSS 4.2 boxes with twin quad-core CPUs and 32GB RAM and they're all suffering with session freezes - I've got no idea why does anyone have any clues what might be happening.
  I've given the boxes about 90GB of swap each so I don't think that's the issue.
  Many thanks.
  Chris

  I've applied a new version of Xnewt (as per this post here: http://forums.sun.com/thread.jspa?threadID=5410724) kindly sent to me by Roberto from Sun. Touch wood things seem to be OK again.
  The main cause appeared to be when users were opening file dialogue boxes in MS Office applications either via Citrix or RDP sessions. Examples included opening documents in Word/Excel and adding/saving attachments to e-mails in Outlook.
  I will update if anything further happens.

• Full Screen RDP

  I am just starting to play with Sun Ray and so far so good apart from a few minor hiccups.
  Setup: Sun Ray 270; Solaris 10/09; SRSS 5.2; SRWC 2.2
  RDP from the java desktop is working fine at the default 640x480 as well as all resolutions stipulated by the uttsc -g command, however, using the uttsc -m (fullscreen) fails.
  I run it from a terminal window and it just hangs doing nothing. I have to open another terminal and kill the PID to stop it.
  I've tried this to a number of different windows machines/OSs with the same result.
  Resetting the SR270 to kiosk mode and going direct to those same machines works perfectly.
  Any thoughts?
  Thanks, Klaus.

  Installed uttscwrap and the issue has been resolved, and I can't replicate it.

• Port Forwarding for RDP 3389 is not working

  Hi,
  I am having trouble getting rdp (port 3389) to forward to my server (10.20.30.20).  I have made sure it is not an issue with the servers firewall, its just the cisco.  I highlighted in red to what i thought I need in my config to get this  to work.  I have removed the last 2 octets of the public IP info for security .Here is the configuration below:
  TAMSATR1#show run
  Building configuration...
  Current configuration : 11082 bytes
  version 15.2
  no service pad
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname TAMSATR1
  boot-start-marker
  boot system flash:/c880data-universalk9-mz.152-1.T.bin
  boot-end-marker
  logging count
  logging buffered 16384
  enable secret
  aaa new-model
  aaa authentication login default local
  aaa authentication login ipsec-vpn local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization console
  aaa authorization exec default local
  aaa authorization network groupauthor local
  aaa session-id common
  memory-size iomem 10
  clock timezone CST -6 0
  clock summer-time CDT recurring
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-1879941380
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1879941380
  revocation-check none
  rsakeypair TP-self-signed-1879941380
  crypto pki certificate chain TP-self-signed-1879941380
  certificate self-signed 01
    3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383739 39343133 3830301E 170D3131 30393136 31393035
    32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38373939
    34313338 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BD7E 754A0A89 33AFD729 7035E8E1 C29A6806 04A31923 5AE2D53E 9181F76C
    ED17D130 FC9B5767 6FD1F58B 87B3A96D FA74E919 8A87376A FF38A712 BD88DB31
    88042B9C CCA8F3A6 39DC2448 CD749FC7 08805AF6 D3CDFFCB 1FE8B9A5 5466B2A4
    E5DFA69E 636B83E4 3A2C02F9 D806A277 E6379EB8 76186B69 EA94D657 70E25B03
    542D0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  ip dhcp excluded-address 10.20.30.1 10.20.30.99
  ip dhcp excluded-address 10.20.30.201 10.20.30.254
  ip dhcp excluded-address 10.20.30.250
  ip dhcp pool tamDHCPpool
  import all
  network 10.20.30.0 255.255.255.0
  default-router 10.20.30.1
  domain-name domain.com
  dns-server 10.20.30.20 8.8.8.8
  ip domain name domain.com
  ip name-server 10.20.30.20
  ip cef
  no ipv6 cef
  license udi pid CISCO881W-GN-A-K9 sn
  crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
  ip tftp source-interface Vlan1
  class-map type inspect match-all CCP_SSLVPN
  match access-group name CCP_IP
  policy-map type inspect ccp-sslvpn-pol
  class type inspect CCP_SSLVPN
    pass
  zone security sslvpn-zone
  crypto isakmp policy 10
  encr aes 256
  authentication pre-share
  group 2
  crypto isakmp policy 20
  encr aes 192
  authentication pre-share
  group 2
  crypto isakmp key password
  crypto isakmp client configuration group ipsec-ra
  key password
  dns 10.20.30.20
  domain tamgmt.com
  pool sat-ipsec-vpn-pool
  netmask 255.255.255.0
  crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
  crypto ipsec transform-set TSET esp-aes esp-sha-hmac
  crypto ipsec profile VTI
  set security-association replay window-size 512
  set transform-set TSET
  crypto dynamic-map dynmap 10
  set transform-set ipsec-ra
  reverse-route
  crypto map clientmap client authentication list ipsec-vpn
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  interface Loopback0
  ip address 10.20.250.1 255.255.255.252
  ip nat inside
  ip virtual-reassembly in
  interface Tunnel0
  description To AUS
  ip address 192.168.10.1 255.255.255.252
  load-interval 30
  tunnel source
  tunnel mode ipsec ipv4
  tunnel destination
  tunnel protection ipsec profile VTI
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface FastEthernet4
  ip address 1.2.3.4
  ip access-group INTERNET_IN in
  ip access-group INTERNET_OUT out
  ip nat outside
  ip virtual-reassembly in
  no ip route-cache cef
  ip route-cache policy
  ip policy route-map IPSEC-RA-ROUTE-MAP
  duplex auto
  speed auto
  crypto map clientmap
  interface Virtual-Template1
  ip unnumbered Vlan1
  zone-member security sslvpn-zone
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  no ip address
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 10.20.30.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
  ip default-gateway 71.41.20.129
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
  ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
  ip nat inside source static 10.20.30.20 (public ip)
  ip route 0.0.0.0 0.0.0.0 public ip
  ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
  ip access-list extended ACL-POLICY-NAT
  deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
  deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
  deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
  permit ip 10.20.30.0 0.0.0.255 any
  permit ip 10.20.31.208 0.0.0.15 any
  ip access-list extended CCP_IP
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended INTERNET_IN
  permit icmp any any echo
  permit icmp any any echo-reply
  permit icmp any any unreachable
  permit icmp any any time-exceeded
  permit esp host 24.153. host 66.196
  permit udp host 24.153 host 71.41.eq isakmp
  permit tcp host 70.123. host 71.41 eq 22
  permit tcp host 72.177. host 71.41 eq 22
  permit tcp host 70.123. host 71.41. eq 22
  permit tcp any host 71..134 eq 443
  permit tcp host 70.123. host 71.41 eq 443
  permit tcp host 72.177. host 71.41. eq 443
  permit udp host 198.82. host 71.41 eq ntp
  permit udp any host 71.41. eq isakmp
  permit udp any host 71.41eq non500-isakmp
  permit tcp host 192.223. host 71.41. eq 4022
  permit tcp host 155.199. host 71.41 eq 4022
  permit tcp host 155.199. host 71.41. eq 4022
  permit udp host 192.223. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit tcp any host 10.20.30.20 eq 3389
  evaluate INTERNET_REFLECTED
  deny   ip any any
  ip access-list extended INTERNET_OUT
  permit ip any any reflect INTERNET_REFLECTED timeout 300
  ip access-list extended IPSEC-RA-ROUTE-MAP
  deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
  deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
  permit ip 10.20.30.208 0.0.0.15 any
  deny   ip any any
  access-list 23 permit 70.123.
  access-list 23 permit 10.20.30.0 0.0.0.255
  access-list 24 permit 72.177.
  no cdp run
  route-map IPSEC-RA-ROUTE-MAP permit 10
  match ip address IPSEC-RA-ROUTE-MAP
  set ip next-hop 10.20.250.2
  banner motd ^C
  UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
  You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
  ^C
  line con 0
  logging synchronous
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0
  access-class 23 in
  privilege level 15
  logging synchronous
  transport input telnet ssh
  line vty 1 4
  access-class 23 in
  exec-timeout 5 0
  privilege level 15
  logging synchronous
  transport input telnet ssh
  scheduler max-task-time 5000
  ntp server 198.82.1.201
  webvpn gateway gateway_1
  ip address 71.41. port 443
  http-redirect port 80
  ssl encryption rc4-md5
  ssl trustpoint TP-self-signed-1879941380
  inservice
  webvpn context TAM-SSL-VPN
  title "title"
  logo file titleist_logo.jpg
  secondary-color white
  title-color #CCCC66
  text-color black
  login-message "RESTRICTED ACCESS"
  policy group policy_1
     functions svc-enabled
     svc address-pool "sat-ipsec-vpn-pool"
     svc default-domain "domain.com"
     svc keep-client-installed
     svc split dns "domain.com"
     svc split include 10.0.0.0 255.0.0.0
     svc split include 192.168.0.0 255.255.0.0
     svc split include 172.16.0.0 255.240.0.0
     svc dns-server primary 10.20.30.20
     svc dns-server secondary 66.196.216.10
  default-group-policy policy_1
  aaa authentication list ciscocp_vpn_xauth_ml_1
  gateway gateway_1
  ssl authenticate verify all
  inservice
  end

  Hi,
  I didnt see anything marked with red in the above? (Atleast when I was reading)
  I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
  But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
  There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
  - Jouni

• Cannot find dashboard and reports after upgrading rdp from 10g to 11g OBIEE

  Hi all
  I am trying to upgrade from OBIEE 10g to 11g. These two products are installed on different servers. I have followed the guide: http://www.oracle.com/technetwork/issue-archive/2011/11-jul/o41bi-402913.html and everything seems to work fine.
  So i have taken a copy of rdp from the server where was installed OBIEE 10g and took it in the server where OBIEE 11g is installed.
  Ran the upgrade tool and upgrade finished successfully. Restarted the BI Servers in core application on Enterprise Manager.
  Now when i access the upgraded rpd, the layers and the fields are fine but I cannot find all the reports and dashboards that i had created.
  Am I missing any upgrade steps?
  Please suggest
  Thank you and best regards

  Hi Deepak,
  Thanks for your response.
  Oracle also came back to me and looks like my method is not valid:
  Hi Jim,
  Thanks a lot for the information. First of all I would like to inform you that upgrade CANNOT be performed across two machine. So, if 10g installation is on Host A, then upgrade to 11g will be on Host A.
  So, in your scenario this is what you can do:
  1. On Host A running Forms/Discoverer 10g on Windows 2003, install Forms/Discoverer/Reports 11g (11.1.1.6.0)
  2. Run the upgrade Assistant to perform the upgrade from 10g to 11g.
  3. Now upgrade OS of Host A to Windows 2008
  In short, I would like to inform you that upgrades across machines does not work. Source instance which is 10g and destination instance which is 11g must exist on same box.
  Here is the documentation which you can follow:
  http://docs.oracle.com/cd/E23943_01/upgrade.1111/e10130/toc.htm
  (Oracle® Fusion Middleware Upgrade Guide for Oracle Portal, Forms, Reports, and Discoverer)
  11g Release 1 (11.1.1)
  Let me know if you have any further questions.
  Thanks,
  Rishi

• Remote App and Desktop RDP client never succeed to logon the RDS gateway server running Windows 2012R2

  Remote App and Desktop RDP client never succeed to logon the RDS gateway server running Windows 2012R2
  1. Client Os : Windows 7 Pro
  2. Server OS : Windows Server 2012R2 with RDS broker and RDS Gateway server with 3.part Certificate  with friendly name sky.mti-itservice.no activated.
  The  main problem is following: The RDP logon session never ends
  Any ideas ?
  Regards
  Kenneth Knudsen
  Email : [email protected]
  mvh Kenneth Knudsen MCSE 2003 HP ASE

  Hi Kenneth,
  Here for your case suggest you to configure RDP session time limit so that your user can disconnect\log off once the specific time limit reached.
  You can setup the session time limit in different method.
  1. Open the Server Manager, select Remote Desktop Services.
  2. In Remote desktop Services, in right side you can drop down to collections.
  3. Select the collection which you want to edit the settings.
  4. Under collections Properties, select Task and then Edit Properties.
  5. In Properties dialog box, select Session.
  6. You can find all thetimeout settings under session collection properties; edit according to your requirements and then OK. 
  And apart also by group policy setting as below.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits 
  User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits 
  -  Set time limit for disconnected sessions
  -  Set time limit for active but idle Remote Desktop Services sessions
  -  Set time limit for active Remote Desktop Services sessions
  -  End session when time limits are reached
  Please check which setting suitable for your environment and you can apply for your case.
  [Forum FAQ] Restrict number of Active Sessions in RDS 2012 and 2012 R2
  https://social.technet.microsoft.com/Forums/en-US/00c2252b-8ec0-489f-8da2-07a434a9b5a2/forum-faq-restrict-number-of-active-sessions-in-rds-2012-and-2012-r2?forum=winserverTS
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Disabling RDP Compression on Windows Server 2012 R2

  Hi
  On Windows 2008 R2, we could disable RDP compression via GPO by configuring "Do not use an RDP compression algorithm" in the following GPO
  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Set compression algorithm for RDP data
  It seems like with the Windows Server 2012 R2 GPO's, this setting is no longer available? How do we disable RDP compression so that we can use it with Riverbed products?
  Thanks

  Hi,
  How is the issue going now? Is there any update?
  Thanks.
  Jeremy Wu
  TechNet Community Support

• I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

  I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
  I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
  I need to allow the following IP addresses to have RDP access to my server:
  66.237.238.193-66.237.238.222
  69.195.249.177-69.195.249.190
  69.65.80.240-69.65.80.249
  My external WAN server info is - 99.89.69.333
  The internal IP address of my server is - 192.168.6.2
  The other server shows up as 99.89.69.334 but is working fine.
  I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
  THE FOLLOWING IS MY CONFIGURATION FILE
  Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
  Also the bolded lines are the modifications I made but that arent working.
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password DowJbZ7jrm5Nkm5B encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.6.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 99.89.69.233 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group network EMRMC
  network-object 10.1.2.0 255.255.255.0
  network-object 192.168.10.0 255.255.255.0
  network-object 192.168.11.0 255.255.255.0
  network-object 172.16.0.0 255.255.0.0
  network-object 192.168.9.0 255.255.255.0
  object-group service RDP tcp
  description RDP
  port-object eq 3389
  object-group service GMED tcp
  description GMED
  port-object eq 3390
  object-group service MarsAccess tcp
  description MarsAccess
  port-object range pcanywhere-data 5632
  object-group service MarsFTP tcp
  description MarsFTP
  port-object range ftp-data ftp
  object-group service MarsSupportAppls tcp
  description MarsSupportAppls
  port-object eq 1972
  object-group service MarsUpdatePort tcp
  description MarsUpdatePort
  port-object eq 7835
  object-group service NM1503 tcp
  description NM1503
  port-object eq 1503
  object-group service NM1720 tcp
  description NM1720
  port-object eq h323
  object-group service NM1731 tcp
  description NM1731
  port-object eq 1731
  object-group service NM389 tcp
  description NM389
  port-object eq ldap
  object-group service NM522 tcp
  description NM522
  port-object eq 522
  object-group service SSL tcp
  description SSL
  port-object eq https
  object-group service rdp tcp
  port-object eq 3389
  access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
  access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
  access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp any interface outside eq 3389
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
  access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
  access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.6.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set peer 68.156.148.5
  crypto map outside_map 1 set transform-set ESP-3DES-MD5
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  tunnel-group 68.156.148.5 type ipsec-l2l
  tunnel-group 68.156.148.5 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
  : end
  ciscoasa(config-network)#

  Unclear what did not work.  In your original post you include said some commands were added but don't work:
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  and later you state you add another command that gets an error:
  static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
  You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
  The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
  Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

• Drive Redirection virtual channel hangs when copying a file from server to client over RDP 8.1

  Problem Summary:
  A UTF-8 without BOM Web RoE XML file output from a line of business application will not drag and drop copy nor copy/paste from a Server 2012 R2 RD Session Host running RD Gateway to a Windows 7 Remote Desktop client over an RDP 8.1 connection and the Drive
  Redirection virtual channel hangs.  The same issue affects a test client/server with only Remote Desktop enabled on the server.
  Other files copy with no issue.  See below for more info.
  Environment:
  Server 2012 R2 Standard v6.3.9600 Build 9600
  the production server runs RDS Session Host and RD Gateway roles (on the same server).  BUT,
  the issue can be reproduced on a test machine running this OS with simply Remote Desktop enabled for Remote Administration
  Windows 7 Pro w SP1v6.1.7601 SP1 Build 7601 running updates to support RDP 8.1
  More Information:
  -the file is a UTF-8 w/o BOM (Byte Order Marker) file containing XML data and has a .BLK extension.  It is a Web Record of Employment (RoE) data file exported from the Maestro accounting application.
  -the XML file that does not copy does successfully validate against CRA's validation XML Schema for Web RoE files
  -Video redirection is NOT AFFECTED and continues to work
  -the Drive Redirection virtual channel can be re-established by disconnecting/reconnecting
  -when the copy fails, a file is created on the client and is a similar size to the original.  However, the contents are incomplete.  The file appears blank but CTRL-A shows whitespace
  -we can copy the contents into a file created with Notepad and then that file, which used to copy, will then NOT copy
  -the issue affects another Server 2012 R2 test installation, not just the production server
  -it also affects other client Win7 Pro systems against affected server
  -the issue is uni-directional i.e. copy fails server to client but succeeds client to server
  -I don't notice any event log entries at the time I attempt to copy the file.
  What DOES WORK
  -downgrading to RDP 7.1 on the client WORKS
  -modifying the file > 2 characters -- either changing existing characters or adding characters (CRLFs) WORKS
  -compressing the file WORKS e.g. to a ZIP file
  -copying OTHER files of smaller, same, and larger sizes WORKS
  What DOES NOT WORK?
  -changing the name and/or extension does not work
  -copying and pasting affected content into a text file that used to have different content and did copy before, then does not work
  -Disabling SMB3 and SMB2 does not work
  -modifying TCP auto-tuning does not work
  -disabling WinFW on both client and server does not work
  As noted above, if I modify the affected file to sanitize it's contents, it will work, so it's not much help.  I'm going to try to get a sample file exported that I can upload since I can't give you the original.
  Your help is greatly appreciated!
  Thanks.
  Kevin

  Hi Dharmesh,
  Thanks for your reply!
  The issue does seem to affect multiple users.  I'm not fully clear on whether it's multiple users and the same employee's file, but I suspect so.
  The issue happens with a specific XML file and I've since determined that it seems to affect the exported RoE XML file for one employee (record?) in the software.  Other employees appear to work.
  The biggest issue is that there's limited support from the vendor in this scenario.  Their app is supported on 2012 R2 RDS.
  What I can't quite wrap my head around are
  why does it work in RDP 7.1 but not 8.1?  What differences between the two for drive redirection would have it work in 7.1 and not 8.1?
  when I examine the affected file, it really doesn't appear any different than one that works.  I used Notepad++ and it shows the encoding as the same and there doesn't appear to be any invalid characters in the affected file.  I wondered
  if there was some string of characters that was being misinterpreted by RDP or some other operation and blocked somehow but besides having disabled AV and firewall software on both ends, I'm not sure what else I could change to test that further
  Since it seems to affect only the one employee's XML file AND since modifying that file to change details in order to post it online would then make that file able to be copied, it seems I won't be able to post a sample.  Too bad.
  Kevin

• ASA 5505 + ASA 5540 static VPN, ssh and rdp problems

  Greetings!
  I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
  Everything works fine, but there is a small problem that is really annoying me.
  From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
  Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
  Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
  There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
  What can I do to get rid of this problem?
  Thanks in advance.

  Dear Fedor,
  You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
  access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
  access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
  class-map TCP_TIMEOUT
        match access-list rdp_ssh
  policy-map global_policy
       class TCP_TIMEOUT
            set connection timeout idle 0:30:00
            set connection timeout half 0:30:00
  * Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
  Let me know.
  Portu.
  Please rate any post you find useful.

• RDP from inside to outside using PAT?

  I have several client machines( inside) that needs to have an RDP access to one server(outside) reside on customer site. The challenge is that the clinet machines can be anywhere/any subnet at any given time and will have different IP address from DHCP.Because of this i can't use the static NAT.  Also, I only need RDP access from my network to the customer server only. So will it work if i use PAT? Thanks for the help in advance

  Hello Sandeep,
  In my opinion there shouldnt be any issue since you are Natiing the RDP clients to a single IP. As long as we have static nat and permission at the destination ( Server Side) it should work
  Hope it helps
  Harish.

• ASA 5505 AnyConnect VPN Can RDP to clients but can't ping/icmp

  Hello all,
  I've been searching all day for a solution to this problem. I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. It may be something simple and I would appreciate any help. Most of the time people end up posting their config so I will as well.
  MafSecASA# show run
  : Saved
  ASA Version 8.2(1)
  hostname MafSecASA
  domain-name mafsec.com
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.4.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 7.3.3.2 255.255.255.248
  interface Vlan3
  no forward interface Vlan1
  nameif dmz
  security-level 50
  ip address 172.20.1.1 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  speed 100
  duplex full
  interface Ethernet0/1
  speed 100
  duplex full
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  switchport access vlan 3
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns server-group DefaultDNS
  domain-name mafsec.com
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object tcp
  protocol-object udp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_2
  protocol-object ip
  protocol-object udp
  protocol-object tcp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_3
  protocol-object ip
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_4
  protocol-object ip
  protocol-object icmp
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list outside_access_in extended permit icmp any any
  access-list inside_split_tunnel standard permit 10.4.0.0 255.255.255.0
  access-list inside_split_tunnel standard permit 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  ip local pool SSLVPNPool2 10.5.0.1-10.5.0.254 mask 255.255.255.0
  ip verify reverse-path interface outside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound_1
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 7.3.3.6 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication enable console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 10.4.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 10.4.0.0 255.255.255.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd option 6 ip 8.8.8.8 8.8.4.4
  dhcpd address 10.4.0.15-10.4.0.245 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd lease 86400 interface inside
  dhcpd option 3 ip 10.4.0.1 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
  svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
  svc enable
  tunnel-group-list enable
  group-policy SSLVPN internal
  group-policy SSLVPN attributes
  dns-server value 8.8.8.8 8.8.4.4
  vpn-tunnel-protocol svc
  group-lock none
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value inside_split_tunnel
  vlan none
  address-pools value SSLVPNPool2
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  username user1 password
  username user1 attributes
  service-type remote-access
  username user2 password
  tunnel-group SSLVPNGROUP type remote-access
  tunnel-group SSLVPNGROUP general-attributes
  address-pool SSLVPNPool2
  default-group-policy SSLVPN
  tunnel-group SSLVPNGROUP webvpn-attributes
  group-alias SSLVPN enable
  prompt hostname context
  Cryptochecksum:3b16cbc9bbdfa20e6987857c1916a396
  : end
  Thank in advance for any help!

  Your config actually looks good (you have the ACL that would allow the echo-reply back since you don't have inspection turned on) - are you sure this isn't a windows firewall issue on the PCs?  I'd try pinging a router or switch just to make sure.
  --Jason